Tuesday, October 1, 2019

Snort rule update for Oct. 1, 2019

Cisco Talos just released the latest SNORT® rule update for all users. Talos urges all users to implement these rules as soon as possible to keep their networks and machines protected.

This release contains 20 new rules, 30 modified rules and 11 new shared object rules.

Tuesday's release provides protection against the Moonshine attack, a recent campaign aimed at installing spyware onto Tibetan leaders' mobile devices.
Talos has added and modified multiple rules in the file-multimedia, file-other, malware-cnc, malware-other, policy-other, server-apache and server-webapp rule sets to provide coverage for emerging threats from these technologies.

We would like to highlight the rule below:
  • 51672: This rule protects against the Moonshine attack, which researchers recently discovered being used in the wild. An APT known as "Poison Karp" used Moonshine to load spyware onto mobile devices belonging to members of the Tibetan government. The attack consists of a mixture of eight different vulnerabilities in the Android mobile operating system, but no zero-days. Researchers say the attackers targeted staffers of the Dalai Lama once in 2018, and then again in April and May of this year. Lilia Gonzalez Medina wrote this rule.
You can subscribe to Talos' newest rule detection functionality for as low as $29 a year with a personal account. Be sure to see our business pricing as well here. Make sure to stay up to date to catch the most emerging threats.